
Django REST Framework - How to quickly check user permissions?

I usually use the permission_required decorator to quickly deny users access to the view.

from django.contrib.auth.decorators import permission_required

@permission_required('my_app.view_mymodel', login_url='/sign_in/')
def my_view(request):
    ...

Now, I'm using DRF and I'm trying to find a proper way to check user permissions. Right now, I'm using DjangoModelPermissions, which is fine, but since it works according to the view's defined queryset, sometimes I need to check permissions that are not the ones defined for the view's queryset.

Is there a way to quickly check permissions just by providing a list of perms' strings?

Note: I know that I can extend BasePermission and define my own logic, but that would produce a lot of classes.

It works for me like this:

within your views:

from rest_framework.decorators import api_view
from .permissions import permission_required

@api_view(['GET'])
@permission_required('permission')
def do_something(request):
    pass

within permissions:

from rest_framework.permissions import BasePermission

def permission_required(perm):
    # Permission check bound to the single permission string passed in
    def has_permission(self, request, view):
        return request.user.has_perm(perm)
    # Build a one-off BasePermission subclass for this permission string
    Can = type(
        'WrappedAPIView',
        (BasePermission,),
        {'message': 'You can not do ' + perm,
         'has_permission': has_permission}
    )
    def decorator(func):
        # api_view reads this attribute from the function it wraps
        func.permission_classes = [Can]
        return func
    return decorator

You can achieve this by using DRF's decorators (@api_view and @permission_classes):

from rest_framework.decorators import api_view, permission_classes
from rest_framework.permissions import IsAuthenticated
from rest_framework.response import Response

# First, you should define your view as an API view
# by using the @api_view decorator
@api_view(['GET'])
# With the @permission_classes decorator you can provide a tuple
# with the desired permissions for this view
@permission_classes((IsAuthenticated, ))
def example_view(request, format=None):
    content = {
        'status': 'request was permitted'
    }
    return Response(content)

And now your example_view can be accessed only by authenticated users.
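As an added example (not code from either answer or from DRF itself), the question's request for a check driven by a list of permission strings can be served by one factory that returns a permission class, so no per-permission classes are written by hand. The names HasPerms, FakeUser, FakeRequest and check are hypothetical, and the stand-in BasePermission is an assumption used only so the logic can be exercised without a configured Django project.

```python
# Added example; HasPerms, FakeUser, FakeRequest and check are hypothetical names.
try:
    from rest_framework.permissions import BasePermission
except Exception:  # DRF absent or Django settings not configured
    class BasePermission:  # stand-in with the same hooks as DRF's base class
        def has_permission(self, request, view):
            return True

        def has_object_permission(self, request, view, obj):
            return True


def HasPerms(*perms):
    """Return a permission class that requires every string in perms."""
    # Refuse an empty list: all() over no permissions is True (fails open).
    if not perms or not all(isinstance(p, str) and "." in p for p in perms):
        raise ValueError("expected one or more 'app_label.codename' strings")

    class _HasPerms(BasePermission):
        message = "Missing required permission(s): " + ", ".join(perms)

        def has_permission(self, request, view):
            user = getattr(request, "user", None)
            # Deny anonymous or missing users before any permission lookup.
            if user is None or not getattr(user, "is_authenticated", False):
                return False
            return all(user.has_perm(p) for p in perms)

    _HasPerms.__name__ = "HasPerms_" + "_".join(p.replace(".", "_") for p in perms)
    return _HasPerms


# Constructed stand-ins for request.user, used only to exercise the class offline.
class FakeUser:
    def __init__(self, perms=(), authenticated=True):
        self._perms, self.is_authenticated = set(perms), authenticated

    def has_perm(self, perm, obj=None):
        return perm in self._perms


class FakeRequest:
    def __init__(self, user):
        self.user = user


def check(perm_class, user):
    """Evaluate a permission class as DRF does: instantiate, then call it."""
    return perm_class().has_permission(FakeRequest(user), view=None)
```

On a function view, list `@permission_classes([HasPerms('my_app.view_mymodel')])` below `@api_view`; on a class-based view, set `permission_classes = [HasPerms('my_app.view_mymodel')]`.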
